Loading...

SERVICES

image not found!

Data Protection Impact Assessment (DPIA

    • Data Protection Impact Assessment (DPIA

A Data Protection Impact Assessment (DPIA) is a process to help you identify and minimise the data protection risks of a project. You must do a DPIA for data processing that is likely to result in a high risk to individuals. This includes some specified types of processing. It is also good practice to do a DPIA for any other major project which requires the processing of personal data.
Risk Imperium will provide a DPIA review service to your organisation for projects involving personally identifiable data.

  • Your DPIA must:
    • describe the nature, scope, context and purposes of the processing;
    • assess necessity, proportionality and compliance measures;
    • identify and assess risks to individuals; and
    • identify any additional measures to mitigate those risks.
  • To assess the level of risk, you must consider both the likelihood and the severity of any impact on individuals. High risk could result from either a high probability of some harm, or a lower possibility of serious harm.
  • You should consult your data protection officer (if you have one) and, where appropriate, individuals and relevant experts. Any processors may also need to assist you.
  • If you identify a high risk that you cannot mitigate, you must consult the ICO before starting the processing.
  • If you are processing for law-enforcement purposes, you should read this alongside the Guide to Law Enforcement Processing.
  • The ICO will give written advice within eight weeks, or 14 weeks in complex cases. If appropriate, we may issue a formal warning not to process the data, or ban the processing altogether.
  • DPIA awareness checklist

☐ We provide training so that your staff understand the need to consider a DPIA at the early stages of any plan involving personal data.
☐ Your existing policies, processes and procedures include references to DPIA requirements.
☐ We help your staff understand the types of processing that require a DPIA, and use the screening checklist to identify the need for a DPIA, where necessary.
☐ We will create and documented a DPIA process for your organisation.
☐ We provide training for relevant staff on how to carry out a DPIA.